Fixing resource leak due to open file descriptors in SecurityUtility.java (#1851)

Jai Asher · web-flow · commit c9a369936af3 · 2018-05-28T17:02:06.000-07:00
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
@@ -58,7 +58,7 @@ public static SSLContext createSslContext(boolean allowInsecureConnection, Certi
     }
 
     public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath)
-            throws GeneralSecurityException, SSLException, FileNotFoundException {
+            throws IOException, GeneralSecurityException, SSLException, FileNotFoundException {
         return createNettySslContextForClient(allowInsecureConnection, trustCertsFilePath, (Certificate[]) null,
                 (PrivateKey) null);
     }
@@ -73,21 +73,23 @@ public static SSLContext createSslContext(boolean allowInsecureConnection, Strin
 
     public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath,
             String certFilePath, String keyFilePath)
-            throws GeneralSecurityException, SSLException, FileNotFoundException {
+            throws IOException, GeneralSecurityException, SSLException, FileNotFoundException {
         X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath);
         PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath);
         return createNettySslContextForClient(allowInsecureConnection, trustCertsFilePath, certificates, privateKey);
     }
 
     public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath,
             Certificate[] certificates, PrivateKey privateKey)
-            throws GeneralSecurityException, SSLException, FileNotFoundException {
+            throws GeneralSecurityException, IOException, FileNotFoundException {
         SslContextBuilder builder = SslContextBuilder.forClient();
         if (allowInsecureConnection) {
             builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
         } else {
             if (trustCertsFilePath != null && trustCertsFilePath.length() != 0) {
-                builder.trustManager(new FileInputStream(trustCertsFilePath));
+                try (FileInputStream input = new FileInputStream(trustCertsFilePath)) {
+                    builder.trustManager(input);
+                }
             }
         }
         builder.keyManager(privateKey, (X509Certificate[]) certificates);
@@ -96,7 +98,7 @@ public static SslContext createNettySslContextForClient(boolean allowInsecureCon
 
     public static SslContext createNettySslContextForServer(boolean allowInsecureConnection, String trustCertsFilePath,
             String certFilePath, String keyFilePath)
-            throws GeneralSecurityException, SSLException, FileNotFoundException {
+            throws IOException, GeneralSecurityException, SSLException, FileNotFoundException {
         X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath);
         PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath);
 
@@ -105,7 +107,9 @@ public static SslContext createNettySslContextForServer(boolean allowInsecureCon
             builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
         } else {
             if (trustCertsFilePath != null && trustCertsFilePath.length() != 0) {
-                builder.trustManager(new FileInputStream(trustCertsFilePath));
+                try (FileInputStream input = new FileInputStream(trustCertsFilePath)) {
+                    builder.trustManager(input);
+                }
             } else {
                 builder.trustManager((File) null);
             }
